[Samba] Samba 3 + ldap "Domain Users" Can't Logon....
Andre Helberg
ahelberg at gmx.net
Thu Jul 15 09:27:04 GMT 2004
Francisco,
I have almost the same setup and a similar problem,
I can logon with a "Domain User" but the profile does not work
correctly. Outlook for example can not even start. As a "Domain Admin"
everything works well.
I think this is something about missing local rights,
hope we can solve this prob :)
Andre
> -----Ursprüngliche Nachricht-----
> Von: samba-bounces+andre.helberg=juwimm.com at lists.samba.org
> [mailto:samba-bounces+andre.helberg=juwimm.com at lists.samba.org
> ] Im Auftrag von Francisco Santis
> Gesendet: Mittwoch, 14. Juli 2004 17:34
> An: samba at lists.samba.org
> Betreff: [Samba] Samba 3 + ldap "Domain Users" Can't Logon....
>
> Hi, I have a problem with samba3. I run samba 3.0.2 with ldap
> 2.1.23 and smbldap tools 0.8.4, when i logging to the domain
> i don't have problems with "Domain Admins" groups, but i try
> logging to the domain from user in the "Domain Users" groups
> the client (Windows 2000) send me the message "You do not
> have access to logon to this Session". When I add the user
> to the "Domains Admins" groups he log without problems.
> Somebody had east problem?.
>
>
> Greetings
> FSP
>
> pd: This is my smb.conf:
>
> [global]
> unix charset = LOCALE
> workgroup = TPI
> netbios name = TITAN
> winbind uid = 1 - 65535
> interfaces = eth1, lo
> bind interfaces only = Yes
> passdb backend = ldapsam:ldap://127.0.0.1 username map =
> /etc/samba/smbusers log level = 10 syslog = 0 log file =
> /var/log/samba/%m max log size = 50000 smb ports = 139 445
> name resolve order = wins bcast hosts time server = Yes
> printcap name = CUPS show add printer wizard = No add user
> script = /usr/local/sbin/smbldap-useradd -a -m "%u"
> delete user script = /usr/local/sbin/smbldap-userdel %u add
> group script = /usr/local/sbin/smbldap-groupadd -p "%g"
> delete group script = /usr/local/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/local/sbin/smbldap-groupmod
> -m '%u' '%g'
> delete user from group script =
> /usr/local/sbin/smbldap-groupmod -x '%u'
> '%g'
> set primary group script = /usr/local/sbin/smbldap-usermod -g
> '%g' '%u'
> add machine script = /usr/local/sbin/smbldap-useradd -w '%u'
> domain logons = Yes
> preferred master = Yes
> domain master = Yes
> wins support = Yes
> ldap suffix = dc=tpi,dc=cl
> ldap machine suffix = ou=Computers
> ldap user suffix = ou=Users
> ldap group suffix = ou=Groups
> ldap admin dn = cn=root,dc=tpi,dc=cl
> map acl inherit = Yes
> idmap uid = 1000-20000
> idmap gid = 1000-20000
> printing = cups
> printer admin = Administrator
>
> [homes]
> comment = Home Directories
> valid users = %S
> read only = No
> browseable = No
>
> [netlogon]
> comment = Network Logon Service
> path = /home/samba/netlogon
> read only = yes
> guest ok = Yes
> locking = No
>
> [profiles]
> comment = Profile Share
> path = /home/samba/profiles
> read only = yes
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
>
More information about the samba
mailing list